fix: bump go to 1.22.12 to fix vulns CF-2302#196
Conversation
Codacy's Analysis Summary0 new issues (≤ 1 medium issue) ✅ +0.00% coverage variation (-0.50%) Coverage variation details
Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: Diff coverage details
Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified:
|
Codacy's Analysis Summary0 new issue (≤ 1 medium issue)
|
There was a problem hiding this comment.
Pull request overview
This PR updates the module’s declared Go version in go.mod as part of addressing reported vulnerabilities (CF-2302).
Changes:
- Bump the
godirective ingo.modfrom1.22.4to1.24.13.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
manufacturist
force-pushed
the
fix/cf-2302-vuln
branch
from
9c55224 to
f65b6d2
Compare
manufacturist
changed the title
manufacturist
force-pushed
the
fix/cf-2302-vuln
branch
from
f65b6d2 to
0752e26
Compare
There was a problem hiding this comment.
Pull request overview
Updates the module’s declared Go version to a patched 1.22.x release to address reported vulnerabilities (CF-2302).
Changes:
- Bump
godirective ingo.modfrom1.22.4to1.22.12.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
There was a problem hiding this comment.
Pull request overview
Updates the repository’s Go toolchain version (per PR title: vulnerability remediation) and adjusts integration-test fixtures for generated Codacy configuration outputs.
Changes:
- Bumps the Go version in
go.modto1.22.12. - Updates integration-test expected
codacy.yamltool entries/versions (notably opengrep/semgrep and trivy). - Adds
.codacy/codacy.yamlfiles inside integration-test directories.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 5 comments.
Show a summary per file
| File | Description |
|---|---|
| integration-tests/init-without-token/expected/codacy.yaml | Updates expected tool list/versions for local init output. |
| integration-tests/init-without-token/.codacy/codacy.yaml | Adds a repo-tracked .codacy config inside the test directory. |
| integration-tests/init-with-token/expected/codacy.yaml | Updates expected opengrep version for token-based init output. |
| integration-tests/init-with-token/.codacy/codacy.yaml | Adds a repo-tracked .codacy config inside the test directory. |
| integration-tests/config-discover/expected/codacy.yaml | Updates expected opengrep version for local config discover output. |
| go.mod | Bumps Go version to 1.22.12. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
You can also share your feedback on Copilot code review. Take the survey.
| - opengrep@1.16.2 | ||
| - pmd@7.11.0 | ||
| - pylint@3.3.6 | ||
| - revive@1.7.0 | ||
| - trivy@0.69.3 | ||
| - trivy@0.69.3 |
| - eslint@8.57.0 | ||
| - lizard@1.17.31 | ||
| - opengrep@1.16.2 | ||
| - opengrep@1.16.4 |
| runtimes: | ||
| - dart@3.7.2 | ||
| - go@1.22.3 | ||
| - java@17.0.10 | ||
| - node@22.2.0 | ||
| - python@3.11.11 | ||
| tools: | ||
| - dartanalyzer@3.7.2 | ||
| - eslint@8.57.0 | ||
| - lizard@1.17.31 | ||
| - pmd@7.11.0 | ||
| - pylint@3.3.6 | ||
| - revive@1.7.0 | ||
| - semgrep@1.78.0 | ||
| - trivy@0.66.0 |
| @@ -0,0 +1,15 @@ | |||
| runtimes: | |||
| - dart@3.7.2 | |||
| - go@1.22.3 | |||
| runtimes: | ||
| - java@17.0.10 | ||
| - node@22.2.0 | ||
| - python@3.11.11 | ||
| tools: | ||
| - eslint@8.57.0 | ||
| - lizard@1.17.31 | ||
| - opengrep@1.16.4 | ||
| - pmd@6.55.0 | ||
| - pylint@3.3.9 | ||
| - trivy@0.69.3 |
Might need to bump to a higher version, e.g.
1.24.13